Existing state of art solutions relating to flow control based network security implements flow control at lower level network layers—for example layers 2, 3 or 4 i.e. within the subnet (or MAC) stack, internet (or IP) stack and transport (or TCP/UDP) stack. These existing approaches are based on monitoring Ethernet frames and IP packets at the network level—and are effective in achieving flow control between specific end network devices. Such solutions for API security have so far adopted a singular approach—focusing on one particular attack at a time using user entered policies. Current implementations do not take into account multiple connections from multiple sources to multiple APIs or application servers—over time—nor are current implementations capable of identifying complete attacks. As a result, sophisticated attacks and distributed attacks implemented by hackers are not discovered or identified in time to be able to do something about it.